KR20080027220A - Portable memory storage device with biometric identification security - Google Patents

Abstract

A portable memory storage device is disclosed where access to information on the device is granted only upon proper biometric authentication of a user. The device includes a controller, a non-volatile memory which may be a flash memory, and a biometric scanner system for controlling access to the information within the non-volatile memory. Each of the controller, non volatile memory and biometric scanner system may be mounted in a base of the portable device, with the biometric system having an exposed surface on a top portion of the base for accepting biometric data such as a fingerprint. A cover is provided which includes a USB connector capable of mating within a USB port of the host device to establish communications between the portable and host devices. The cover also covers the exposed portion of the biometric scanner to protect the sensor when the portable memory storage device is not in use. ® KIPO & WIPO 2008

Description

PORTABLE MEMORY STORAGE DEVICE WITH BIOMETRIC IDENTIFICATION SECURITY}

The present invention relates to a design application filed with the present invention (Application No. 29 / 230,382) "Portable Memory Storage Device" (Agent No. SAND-01063US0). The entire copy of this design application is incorporated herein by reference to the present invention.

Embodiments of the present invention relate to a biometric security capable portable memory storage device.

Nonvolatile semiconductor memory devices, such as flash memory storage drives, are widely used to meet the growing demand for digital information storage and exchange. In addition to its small size, portability, high reliability, and high capacity, flash memory drives are conveniently attached and detached to a variety of electronic devices with appropriate access ports (e.g., USB ports or serial bus ports such as IEEE 1394 ("Firewire") ports). Can be.

Along with the growing demand for data storage and exchange is the need to maintain data security for unauthorized access. In an effort to make flash memory drives more secure, a method is known for providing a PIN and password authentication path before drive access is granted. Alternatively, it is also known to provide a physical key and smartcard system that allows access to the flash memory drive only when a suitable key or smart card is provided. However, a problem with such security systems is that the access medium can be lost, stolen, forgotten or hacked. Biometric security systems such as fingerprint scanners have been integrated into data storage devices such as flash drives as a result. Unlike passwords, smart cards, etc., biometric data is unique and cannot be stolen or reproduced so that only authorized users can access the information about the drive.

An example of a biometric flash memory is disclosed in US Patent No. 6,707,935, "High Security Flash Memory and Method." As disclosed in the above invention, the fingerprint scanner may be embedded in a flash memory device. If the user touches a finger on the scanner prior to accessing the information contained in the flash memory, the user's fingerprint is scanned, digitized and compared with the stored fingerprint. Access to the flash memory is granted only when the scanned and stored fingerprints coincide with each other.

While providing effective security, conventional biometric flash memory devices have disadvantages. First, ports in host devices into which flash memory is inserted for use are often difficult to access. For example, when used in a desktop or laptop computer, the port is located on the side or back of the computer, which makes it difficult to provide a fingerprint for authentication when the drive is plugged into the port. In addition, typical biometric scanners are formed of brittle materials. Unlike conventional electronics wrapped in a protective housing, biometric scanners must be relatively exposed in order to be able to obtain clear images of fingerprints, unattended or other biometric data. Thus, it is easy for the scanner to be scratched, damaged, or ruined, and the security features and / or the flash memory device can be made useless.

 One embodiment of the invention is directed to a portable memory storage device in which access to information on the device is authorized only upon proper biometric authentication of the user. The device has a multiple piece configuration to allow the portable memory device to be connected to the host device and to have the biometric scanner at a convenient location while communicating. Multiple pieces of portable memory devices also combine with each other to provide a convenient size and convenient shape when not in use and when the biometric scanner is covered for protection.

Embodiments of a portable memory storage device include a controller, a nonvolatile memory that may be flash memory, and a biometric scanner system for controlling access to information in the nonvolatile memory. Each of the controller, nonvolatile memory and biometric scanner system may be mounted to the base of a portable device along with a biometric system having an exposed surface over the base for receiving biometric data such as a fingerprint. In one embodiment, a lid is provided that includes a USB connector that is engageable within a USB port of a host device for establishing communication between portable and host devices.

When not in use, the lid is affixed to the base to cover and protect the biometric scanner. The base further includes a docking enclosure having a configuration similar to a USB port. The connector on the cover is housed in the docking enclosure when not in use and protected, providing a simple and convenient form element for the portable device. The cover is attached to the base by a flexible communication cable, which holds the base and the cover together, and also transfers information between the portable and host devices. The cable may be omitted in embodiments in which wireless communication between the base and the cover is preferred.

The cover is engaged with the serial port of the host device, while the cable allows the base and biometric scanner to be placed in a user selectable and convenient location. As such, biometric data, such as a fingerprint, can be easily entered while the lid is attached to a host USB port to allow communication.

1 is a block diagram of functional elements of a portable memory storage device according to an embodiment of the present invention.

2 is a top view of a NAND string.

3 is an equivalent circuit diagram of a NAND string.

4 is a cross-sectional view of a NAND string.

Figure 5 is a block diagram of one embodiment of a nonvolatile memory system in accordance with the present invention.

6 is a software flowchart illustrating operation of an embodiment of the present invention for authenticating a user with biometric data.

7 is a flowchart showing communication between the portable memory storage device and the host device after user authentication.

8 and 9 are different views of a portable memory storage device according to an embodiment of the present invention.

10 is a perspective view of an open portable memory storage device according to an embodiment of the present invention.

11 is a perspective view of an open portable memory storage device according to an alternative embodiment of the present invention.

12 is an exploded view of a portable memory storage device according to an embodiment of the present invention.

13 is a perspective view of the present invention in a position for connecting to a USB port of the host device.

FIG. 14 is a cross sectional view through line 14-14 in FIG. 9 showing a locking mechanism for securing the lid on the base in the closed state.

An embodiment of the present invention related to a biometric security capable portable memory storage device will now be described with reference to FIGS. The invention may be embodied in many different forms and should not be limited to the embodiments described herein. Rather, these embodiments will enable specific disclosure of the present invention to be thorough and complete, and to fully convey the present invention to those skilled in the art. Furthermore, it is to be understood that the invention encompasses all alternatives, modifications and equivalents of such embodiments as fall within the spirit and scope of the invention as defined by the appended claims. In the following detailed description of the invention, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be apparent to one skilled in the art that the present invention may be practiced without such specific details.

Referring now to FIG. 1, a block diagram of the functional elements of portable memory storage device 50 connected to host device 52 is shown. Portable memory storage device 50 generally includes integrated circuit 54, memory 56, and biometric scanner system 58. The integrated circuit 54 may be implemented as an application specific integrated circuit (ASIC), but may be implemented in other forms of integrated circuit. Some of the functions performed by the ASIC 54 may also be software.

Memory 56 may be any of a variety of semiconductors, such as, for example, nonvolatile memories, such as flash memory systems. One example of a flash memory system suitable for implementing the present invention uses a NAND structure, which includes an array of multiple transistors between two select gates. The series of transistors and the select gates are referred to as a NAND string. 2 is a top view showing one NAND string. 3 is an equivalent circuit thereof. The NAND string shown in FIGS. 2 and 3 includes a series of four transistors 100, 102, 104, and 106 between the first select gate 120 and the second select gate 122. The select gate 120 connects the NAND string to the bit line 126. The select gate 122 connects the NAND string to the source line 128. The select gate 120 is controlled by applying an appropriate voltage to the control gate 120CG. The select gate 122 is controlled by applying an appropriate voltage to the control gate 122CG. Each transistor 100, 102, 104, and 106 has a control gate and a floating gate. Transistor 100 has control gate 100CG and floating gate 100FG. Transistor 102 has control gate 102CG and floating gate 102FG. Transistor 104 has control gate 104CG and floating gate 104FG. Transistor 106 has control gate 106CG and floating gate 106FG. The control gate 100CG is connected to the word line WL3, the control gate 102CG is connected to the word line WL2, the control gate 104CG is connected to the word line WL1, and the control gate 106CG ) Is connected to the word line WL0. In one embodiment, transistors 100, 102, 104 and 106 are memory cells, respectively. In another embodiment, the memory cells may include multiple transistors or may be different from those shown in FIGS. 2 and 3.

4 provides a cross-sectional view of the NAND string described above. As shown in FIG. 4, transistors of the NAND string are formed in the p-well region 140. Each transistor includes a stack gate structure consisting of control gates 100CG, 102CG, 104CG and 106CG and floating gates 100FG, 102FG, 104FG and 106FG. The floating gates are formed on the surface of the p well above the oxide film. The control gate is over the floating gate with an inter polysilicon dielectric layer separating the control gate and the floating gate. 4 shows a floating gate and a control gate for transistors 120 and 122. However, for transistors 120 and 122, the control gate and the floating gate are connected to each other. In another embodiment, a gate, typically considered a floating gate, is connected while the gate above it is not connected. The control gates of the memory cells 100, 102, 104, 106 form word lines. N + diffusion layers 130, 132, 134, 136 and 138 are shared between adjacent cells, whereby the cells are connected to each other in series to form a NAND string. This N + diffusion layer forms the source and drain of each of the cells. For example, N + diffusion layer 130 serves as a drain of transistor 122 and a source of transistor 106, and N + diffusion layer 132 serves as a drain for transistor 106 and as a source for transistor 104. N + diffusion layer 134 serves as a drain for transistor 104 and a source for transistor 102, and N + diffusion layer 136 serves as a drain for transistor 102 and a source for transistor 100. And the N + diffusion layer 138 serves as a drain for transistor 100 and a source for transistor 120. N + diffusion layer 136 is connected to the bit line for the NAND string, while N + diffusion layer 138 is connected to the common source line for the multiple NAND strings.

Although Figures 2-4 show four memory cells in a NAND string, it is noted that using four transistors is only an example. The NAND string may have four or fewer memory cells or four or more memory cells. For example, some NAND strings may include eight memory cells, 16 memory cells, 32 memory cells, and the like. The discussion herein is not limited to any particular number of memories in the NAND string.

Each memory cell can store data expressed in analog or digital form. When storing one bit of digital data, the range of possible threshold voltages of the memory cell is divided into two ranges assigned to logical data " 1 " and " 0 ". In one example of a NAND type flash memory, the threshold voltage is negative after the memory cell is erased and defined as logic "1". After the program operation the threshold voltage is positive and defined as logic " 0 ". When the threshold voltage is negative and a read is attempted by applying 0 V to the word line, the memory cell will turn on to indicate that logic "1" is stored. When the threshold voltage is positive and a read operation is attempted by applying 0V to the word line, the memory cell will not turn on, indicating that logic "0" is stored. The memory cell can also store multiple levels of information, thereby storing multiple bits of digital data. In the case of storing multiple levels of data, the range of possible threshold voltages is divided by the number of storage levels. For example, if four levels of information are to be stored, there will be four threshold voltage ranges assigned to the data values "11", "10", "01" and "00". In one embodiment of a NAND type memory, the threshold voltage after an erase operation is negative and defined as "11". Positive threshold voltages are used for the states of "10", "01" and "00".

Related examples of NAND type flash memories and their operation are provided in the following U.S. patents, the entire contents of which are incorporated herein by reference: U.S. Patents 5,570,315; U.S. Patent 5,774,397; U.S. Patent 6,046,935; U.S. Patent 5,386,422; U.S. Patent 6,456,528; U.S. Patent 6,522,580. For information on programming NAND flash memory, including self-boosting technology, see US Patent 6,859,397, "Source Side Self Boosting Technique For Non-Volatile Memory," issued February 22, 2005. "; US Patent Application No. 10 / 629,068, filed May 29, 2003, and "Detecting Over Programmed Memory," which are hereby incorporated by reference in their entirety. Other types of flash memory devices can also be used in the present invention. For example, the following patents describe NOR type flash memories, the entire contents of which are incorporated herein by reference: US Pat. No. 5,095,344; 5,172,338; 5,890,192 and 6,151,248. Another example of a flash memory type can be found in US Pat. No. 6,151,248, the entire contents of which are incorporated herein by reference.

The technique described herein is not limited to only floating gate type memory, but is also applicable to memory cells using other types of materials for charge storage. For example, the technique described herein can be used to provide various charge storage region / layer (s) between the control gate (or wordline) and the substrate, such as a small silicon island or nitride layer, better known as a nanocrystal. Can be used with the memory device used. In one embodiment, memory 56 may have a storage capacitor of 512 megabytes (MB) or 1 gigabyte (GB). However, these storage capacitors are merely examples, and the storage capacitors may vary in alternative embodiments.

5 is a block diagram of the memory 56 and ASIC 54 of FIG. 1 in accordance with an embodiment of the present invention. The memory cell array 302 is controlled by a column control circuit 304, a row control circuit 306, a c-source control circuit 310 and a p well control circuit 308. A column control circuit 304 connects to the bit lines of the memory cell array 302 to read the data stored in the memory cells, to determine the state of the memory cells during a program operation and to control the potential levels of the bit lines. To facilitate or inhibit programming. Row control circuit 306 is coupled to the word lines to apply program voltages and erase voltages to apply a read voltage to select one of the word lines. The C source control circuit 310 controls a common source line connected to the memory cells. P well control circuit 308 controls the P well voltage.

Data stored in the memory cells is read by the column control circuit 304 and output to the external I / O lines through the data I / O buffer 312. Program data stored in memory cells is input to the data I / O buffer 312 through external I / O lines and passed to the column control circuit 304. External I / O lines are connected to the controller 54.

Command data for controlling the flash memory device is input to the controller 54. The command data informs the flash memory what operation is requested. The input command is a state machine 316 that controls the column control circuit 304, row control circuit 306, c source control circuit 310, p well control circuit 308 and data I / O buffer 312. Is passed on. The state machine 316 may also output output state data of flash memory, such as READY / BUSY or PASS / FAIL.

The controller 54 can be connected or connectable to a host device 52 such as a PC, digital camera, PDA, cellular phone, or the like. Controller 54 communicates with the host to receive commands and data from the host and to provide data and status information to the host. Controller 54 converts the commands from the host into command signals that can be interpreted and executed by command circuits 314 in communication with state machine 316. Controller 54 typically includes a buffer memory for user data to be written to or read from the memory array. Additional details related to the memory system used in the embodiments of the present invention can be found in US Patent Application 10 / 761,620 "Programming Non-Volatile Memory" (Agent No. SAND-01 017US0). The entire contents are incorporated herein by reference.

Biometric scanner system 58 includes an authentication coprocessor 60 and a biometric scanner 62. The coprocessor and scanner interoperate to accept and authenticate biometric data as described below in detail. In an embodiment of the invention, the biometric scanner system is of a type that accepts fingerprints and / or unattended. However, biometric scanner system 58 may be of a type that accepts other unique personal identification data and is not limited to retinal scanners and glottal identification devices.

In one embodiment of the invention, the scanner 62 may be a silicon-based capacitance fingerprint / unattended sensor type commercialized by UPEK5 of Emeryville, 94608. In general, scanner 62 consists of a two-dimensional array of capacitance sensing cells, each cell comprising an active capacitance feedback circuit whose effective feedback capacitance is varied by the presence of human skin as it approaches the sensor surface. As human skin approaches the sensor cell, the skin interferes with the electric field lines in the cell to reduce the effective capacitance. When the skin is at the sensor surface (fingerprint ridge) the feedback capacitance is minimized, while when the skin is away from the sensor surface (fingerprint valley) the feedback capacitance is maximized.

This difference in capacitance (depending on the presence or absence of human skin) can be measured for each cell in the two-dimensional array to take a full fingerprint image. The sensor array output provides the capability to adjust sensor gain and offset before the signal is converted via an on-chip PJD converter into an 8-bit digital signal for encryption and storage as described below. The analog signal state block can pass through. The method for obtaining biometric data is described by way of example only, and one skilled in the art will understand that other devices and methods may be used to obtain a digital signal of biometric data.

In an embodiment of the present invention, all stored biometric data and comparison with input biometric data is performed within biometric scanner system 58. In particular, the authentication coprocessor 60 may have a linked ROM 66 containing software for performing initialization of the biometric scanner system and comparison of biometric data in the biometric scanner. The authentication coprocessor 60 may also have a nonvolatile memory 68 for storing encrypted reference pattern (s) of biometric data, as described below. The nonvolatile memory 68 may be a flash memory similar to the flash memory 56 described above. In alternative embodiments, non-volatile memory 68 may be omitted, and encrypted biometric data reference pattern (s) may be stored in a promised area within flash memory 56. A system for storing secure cryptographic data reference patterns in nonvolatile memory for use in biometric memory devices is disclosed in US Patent Application 2004/0236954, "Biometric-Based Authentication In A Nonvolatile Memory Device." And the entire contents of the above application are incorporated herein by reference. The coprocessor 60 may further include a RAM 70 for temporarily storing the biometric data reference pattern (s) and scanned biometric data during verification for user verification.

Once the portable memory storage device 50 is connected to the host 52, the initialization or "pass-through" firmware on the ROM 66 initializes the coprocessor 60 and the coprocessor 60 stores the ASIC 54. Communicate with host 52 via UART 72 and USB device interface 74. UART 72 is a well known interface component that handles asynchronous serial communication between biometric scanner system 58 and ASIC 54. Embodiments of the present invention use a USB connection to a host device. The host may include a USB port 160 (FIG. 13) and a USB host controller (not shown) for connecting the USB connector 416 of the portable memory storage device 50, as described below. Depending on the host operating system, software drivers and / or application programming interfaces (APIs) need to be downloaded to the host 52 before communication with the portable memory storage device 52 takes place.

The present invention is not limited to USB communication between the portable memory storage device 50 and the host device 52, and other communication protocols, and both wired and wireless may be considered. In addition, in alternative embodiments of the present invention, ASIC 54 may include additional known components. Examples of such additional components are disclosed in US Patent Application 2003/0005336 "Portable Device Having Biometrics-Based Authentication Capabilities". In addition, while the storage and comparison of input and stored biometric data is described above as being performed by the coprocessor 60, these operations may be performed on the ASIC 54, or in alternative embodiments within the host device 52. Note that it can be executed by the processor 55.

In an embodiment, power to portable memory storage device 50 is received from host 52 via a USB connection. However, device 50 may include an independent onboard power supply in alternative embodiments.

An embodiment of the operation of the biometric scanner device allowing only authorized access to the memory 56 will now be described with reference to the flowchart of FIG. In step 220, the firmware in the ROM 66 checks whether the portable memory storage device 50 is connected to a USB port of the host device. When connected to the host platform, the portable device 50 performs an initialization process (step 222). In an embodiment, the initialization process relates to establishing communication with the host platform via a USB device interface 74 and ensuring that the host platform is aware that portable memory storage device 50 is connected. do.

The authentication coprocessor 60 then determines whether user registration is required. (Step 224) This is where device 50 is used for the first time and there is no biometric data reference pattern (s) in nonvolatile memory 68. It can happen anywhere. If it is determined at step 224 that no reference patterns are stored, then pass-through communication between the authentication processor and the host is performed to perform the registration procedure (step 226). The host 52 presents instructions for guiding the user through the registration procedure (step 228), and the user is instructed to place a finger (or other applicable biometric indicator) on the scanner 58. The biometric data thus obtained is then stored as a reference pattern for use in comparison with scanned user biometric data when access to the memory 56 is attempted. It may be necessary to repeat step 230 as presented on the host 52 and requested until a satisfactory reference pattern is obtained. Preferably, the retry count is user-configurable. If it is assumed that a satisfactory reference pattern has been obtained (step 232), the reference pattern is encrypted for additional security (step 234). A known cryptographic or hashing algorithm may be used to encrypt the reference pattern. The encrypted reference pattern is then stored in nonvolatile memory 68 in step 236. The size of the stored reference pattern may vary in alternative embodiments and may be for example 512 bytes.

In an embodiment, portable memory storage device 50 supports one or more users. In another embodiment, the same user may enroll multiple fingerprints as separate reference patterns. In another embodiment, the same user fingerprint may be registered multiple times as different reference patterns. In this way, portable device 50 may facilitate registration of additional user (s) and / or additional reference pattern (s). The software may inform about additional user (s) and / or additional reference pattern (s) at step 238. If it is indicated that there are additional user (s) and / or additional reference pattern (s), the steps from 230 to 236 are repeated. The ability to add additional user (s) and / or additional reference pattern (s) may also be provided for example at start-up when there are already stored reference patterns.

The electronics forming the biometric scanner system 58 are integral chipsets that can be detached from the PCB supporting the ASIC controller 54 and the memory 56. In order to prevent the removal and addition of a new biometric scanner system from unauthorized access with information on memory 56, coprocessor 60 may proceed to step 240 with biometric scanner system 58 (in memory 56). And the controller 54 can additionally store the serial number. Since the nonvolatile memory 68 connected to the biometric scanner system 58 may be removed if the system 58 is replaced, the stored serial number is preferably not stored in the nonvolatile memory 68. The stored serial number information will be used during the verification procedure described below. Step 240 may be omitted in one embodiment of the invention.

Once the registration procedure is complete, the GUI may indicate successful completion at step 242.

If the authentication coprocessor indicates that there are one or more stored reference patterns in step 224, the software scans the user's biometric data to ensure that the user is authenticated for access to the information on memory 56. . The coprocessor 60 initially reads the scanner serial number (step 243) and checks that the serial number of the biometric scanner system 58 is the same as that stored during the registration procedure by comparing it with the scanner serial number stored in the memory 56. (Step 244) If different, access to the drive is denied and an appropriate message is displayed at step 245. In an embodiment of the invention, instead of simply denying access, the user may choose to enter a password if the stored serial number and the read serial number do not match. If a proper password is entered, access to the drive can still be granted. In embodiments in which the storage of serial numbers is omitted, steps 243-245 may also be omitted.

If the serial numbers match, the user is instructed to touch the scanner with a finger (or other biometric indicator) in step 246, and the scanned image is digitized and loaded into the RAM 70. If an unsatisfactory image is obtained, the user can try again. Preferably, the number of retries is user settable. If it is assumed that a satisfactory image has been obtained, the stored reference pattern (s) are read from nonvolatile memory 68 and loaded into RAM 70 (step 248), decrypted (step 250), and step In 252 is compared with the data obtained in step 246. If there is a match, the host indicates successful scanning (step 254), and access to data in memory 56 is granted.

In an embodiment of the present invention, if the user authentication in steps 246-252 fails to find a corresponding match pattern, access to the flash memory 56 is blocked and an appropriate message is displayed by the host device 52. . Blocking of the memory 56 can be done by a variety of methods, including shutting down or disabling the flash interface or ASIC controller 54 connected to the memory 56, or configuring the controller to reject read and write commands. have. This may also be performed by the host device. In embodiments, the user may be given the choice to repeat steps 246-252 if the verification fails. Preferably the number of retries is user settable.

In an embodiment of the present invention, in the case of a verification failure, the user may be provided with a choice to bypass fingerprint authentication and may access by providing a password instead in step 256. If the bypass password is entered correctly, user authentication is considered successful and step 254 is performed, and access to data in memory 56 is granted. If the bypass password is not entered properly, user verification remains unsuccessful and access is denied. The number of password entry retries can be set by the user. If security needs to be added, it is noted that password requirements can be implemented in addition to fingerprint authentication even during normal path authentication within the technical scope of the present invention.

Note that in embodiments where authentication is performed at the host device, appropriate changes to the authentication process described above are required. According to this particular implementation or application, the information transmitted from the portable device 50 to the host device 52 may be a simple success notification upon successful authentication, or may be image data indicating a user fingerprint in which authentication is in progress.

Where reference patterns are stored, it is contemplated that different reference patterns will have different access privileges to memory 56. As such, access to files and directories on memory 56 may be blocked for certain users while possible for others. Access may be made to coprocessor 60, ASIC 54 or host device 52. It can be controlled to grant different degrees of access. Access privileges can be set by an administrator, for example.

FIG. 7 is a flowchart illustrating communication between the portable memory storage device 50 and the host device 52 once the biometric scanner system has authenticated a user. After the user is authenticated in step 380, the portable memory storage device may be mapped to the host device in step 382. The user may be given a choice via a GUI on the host to modify, add, or delete the stored bioreference patterns in step 384. The user may also be given the ability to read from, write to device 50, run applications from device 50 and perform the operations specified by device 50 in step 386. After completion of all necessary operations, the user may disable portable memory storage device via the GUI of the host device at step 388.

Perspective views of the portable memory storage device 50 are shown in FIGS. 8-11. 8 and 9 show the storage device in the closed position, and FIGS. 10 and 11 show the storage device in the open position as described below. As shown in FIG. 10, the device 50 includes a base 400, a cover 402, and a flexible communication cable 404 connected from the base 400 to the cover 402. The base 400 includes a well or recessed portion 406 on the upper surface 408, which is positioned in the biometric scanner 62. The recessed portion 406 is large enough to accept a finger or thumb so as not to interfere with the position of the finger or thumb on the scanner 62 during scanning.

Base 400 further includes a docking enclosure 410 mounted on or integrally formed on top surface 408. Docking enclosure 410 defines an opening 412 shaped to receive a connector 414 extending out of lid 402. As noted above, portable memory storage device 50 is used in conjunction with a USB serial port in embodiments of the present invention, and for such embodiments connector 414 is shaped to fit within a USB serial port on the host device. Have The size of the opening 412 is provided such that the connector 414 can fit snugly within the opening. For other serial accesses, both the connector 414 and the opening 412 defined by the docking enclosure 410 will be configured differently than what is shown to match the host port to which the connector is fitted.

In one embodiment of the present invention, the cable 404 may have a length between 70 mm and 110 mm, more specifically between 80 mm and 100 mm, more specifically about 90 mm. In alternative embodiments, the length of cable 404 may be less than 70 mm and greater than 110 mm. In an embodiment, the cable 404 is fixedly attached to the base 400 and the cover 402. In alternative embodiments, the cable can be connected so that it can be removed with the base and / or the cover.

In another embodiment of the present invention shown in FIG. 11, the cable 404 may be omitted so that communication between the base 400 and the cover 402 may be wireless. Wireless protocols such as Bluetooth can be used for such embodiments. The Bluetooth system is described in detail in version 1.1 "Specification of the Bluetooth System", February 22, 2001, available at www.Bluetooth.com and / or www.Bluetooth.org and a copy of the specification. The entire contents of which are incorporated herein by reference. In alternative embodiments, other WLAN protocols may be used to establish wireless communication between the base 400 and the cover 402. In embodiments using wireless communication, each of base 400 and lid 402 includes a wireless transmitter / receiver. For example, instead of or in addition to the UART 72, the ASIC 54 may be connected to a wireless transmitter / receiver and (optionally) support logic. Similarly, system 58 will include a wireless transmitter / receiver and (optionally) support logic in communication with authentication coprocessor 60.

12 is an exploded view of base 400 and lid 402. The base 400 includes a lower portion 420 and an upper upper portion 422 which are equipped with the aforementioned electronic elements (ie ASIC 54, flash memory 56 and biometric scanner system 58). It fully surrounds the PCB. PCB 424 may further include LEDs 426 and 428. These LEDs may be used to indicate the state of the portable memory device (eg, access grant or access deny), instead of or in addition to the GUI described above. Window 430 may be provided through top portion 422 that allows scanner 62 to be accessed. The top and bottom portions 420 and 422 can be formed of polycarbonate or other plastic or metal, and can be meshed together or attached by welding or gluing. Once the top and bottom portions are sealed together, the PCB 424 is isolated from the surrounding environment except for the portion of the scanner 62.

Docking enclosure 410 may be formed of polycarbonate or other plastic or metal, and may be mounted to top portion 422 of base 400 by or engaged by welding or adhesion. A pin 432 is provided between the docking enclosure 410 and the bottom portion 420 to mount in the space at the corner of the base 400. The space and pins allow the portable memory device 50 to be conveniently connected to a cord for easy transfer. Corner space and pin 432 may be omitted in alternative embodiments. The rubber pad 434 is attached to the bottom of the bottom portion 420 to improve frictional engagement of the base 400 and the surface on which the base is supported. The rubber pad 434 may be omitted in alternative embodiments.

In an embodiment the cover 402 includes a top portion 442 and a bottom portion 440 surrounding a portion of the cable 404 and the connector 414. At least one portion of the connector 414 extends out of the enclosure formed by the lower and upper portions 440 and 442 for reception in the port of the host device. The cable 404 may have a rigid or flexible portion in the enclosure formed between the bottom and top portions 440, 442, but the portion of the cable 404 that extends out of the enclosure is preferably flexible. In the exploded view shown in FIG. 12, the cable is separated from the base 400, but in the assembled device one or more leads in the cable will be connected to the PCB 424 within the base 400. The top and bottom portions 440 and 442 of the lid 402 may be formed of polycarbonate or other plastics or metals and may be fixed or engaged together by welding or sticking.

The portable memory device can be manufactured by assembling a PCB 424 in the bottom portion 420 having an ASIC 54, memory 56, LEDs 426 and 428, and a biometric scanner system 58. The first end of the cable 404 may then be attached to the PCB 424, and the upper portion 422 of the base 400 may be attached to the lower portion 420. Docking enclosure 410, pin 432 and rubber pad 434 may be attached to base 400. The order of these assembly steps may vary in alternative embodiments. A cable 404 with a connector 414 attached to a second end opposite the first end is provided between the bottom portion 440 and the top portion 442 with at least one portion of the connector 414 protruding from the cover. It may have an enclosed portion, and then the lower and upper portions of the cover are attached together.

As described above, the portable memory device 50 according to the embodiment of the present invention can move between the closed position (shown in FIGS. 8 and 9) and the open position (shown in FIGS. 10, 11 and 13). In the open position, the connector 414 of the lid 402 can engage the USB port 460 of the host device 52 to enable communication between the portable memory device 50 and the host device 52. If the provided biometric is successfully completed), the cover 402 engages the USB port of the host device, while the cable 404 is user selectable for easy access when the base 400 is performed biometric scanning. And place it in a convenient location. That is, while the lid 402 is engaged with the USB port, the orientation and position of the scanner 62 and the base 400 can be changed to facilitate the user's biometric scanning.

When communication with the host device is complete, the lid 402 is removed from the serial port to engage firmly with the base 400. The docking enclosure 410 has an internal configuration similar to the shape of the serial port of the host device such that the connector 414 engages with the inner wall of the docking enclosure in a press-fit engagement to secure the cover over the base. In addition, or alternatively, the base and lid may have a mechanism that forms an interlock engagement to securely position the base and lid together in a closed position. An example of such a mechanism is described with respect to FIG. 14, which is a cross-sectional view taken along line 14-14 in FIG. 9. In embodiments, the base protrudes slightly inward from the sides of the upper portion 422 of the base 400 at one side of the biometric scanner 62 (as shown in FIGS. 13 and 14). Like). The sheath includes a pair of dovetails 452 (shown as an example in FIG. 14). When the sheath is engaged with the base, the dovetail 452 engages the interlock joint between the base and the sheath. It has a portion going under the projection 450 to achieve. As such, the lid will not move from the base unless it is intentionally pushed out of the base.

In the closed position, the cover partially or completely covers the scanner 62 to prevent damage to the scanner and protect the scanner while not in use. When closed, the cover may be placed in sufficient contact with the base or may be only in contact with a certain point around the cover and have some spacing. In embodiments in which portions around the lid are spaced from the base, the gap is preferably small enough to prevent exposure of the scanner 62.

In the closed position, the connector 414 is located in the docking enclosure 410 when not in use to prevent damage as well. In the closed position, the portable memory device 50 also takes a relatively simple form element and a convenient shape. In an embodiment of the present invention, the portable memory device may be 60 mm long, 24 mm wide and 14 mm high. These dimensions are merely examples and in alternative embodiments various dimensions larger or smaller are possible.

As described above, in the embodiment of the present invention, the ASIC 54, the memory 56, and the biometric scanner system 58 are all located within the base 400. In alternative embodiments, the ASIC and / or memory may be located inside the lid 402 and may be connected to the biometric scanner system via a cable 404.

The foregoing description of the invention has been made for purposes of illustration and description, and the invention is not limited to the specific forms disclosed. Many modifications and variations are possible within the technical scope of the invention. The described embodiments have been chosen to best utilize the invention in the specific embodiments and modifications contemplated by those skilled in the art by best describing the principles and practical applications of the invention. The technical scope of the invention is defined by the appended claims.

Claims (33)

A portable memory storage device operable with a host device, A first portion comprising a biometric device for receiving biometric data; and And a second portion including a connector for establishing communication between the portable memory storage device and the host device, wherein the second portion is engageable with the first portion and at least partially covers the first portion. Portable memory storage device. The method of claim 1, Portable memory storage device further comprises a semiconductor memory storage device in one of the first portion and the second portion. The method of claim 1, And a flash memory in one of the first and second portions. The method of claim 3, wherein And if the received biometric data coincides with a reference pattern of the stored biometric data, access to the information stored in the flash memory is permitted. The method of claim 3, wherein And if the received biometric data does not match the reference pattern of the stored biometric data, access to the information stored in the flash memory is blocked. The method of claim 3, wherein And a microcontroller in one of said first and second portions. The method of claim 3, wherein And the biometric device is capable of communicating with the flash memory. The method of claim 1, And a flexible cable for transmitting communication between the first and second portions. The method of claim 1, And the communication between the first unit and the second unit is by wireless communication. The method of claim 1, And the biometric data includes one of a fingerprint, an unattended, a voice data signal, and a retina data image. The method of claim 1, The biometric scanner includes a portion adjacent to an upper surface of the first portion, and the second portion covers the biometric scanner when combined with the first portion. The method of claim 11, And the first portion includes a docking enclosure, and when the first portion is engaged with the second portion, the connector fits into an opening of the docking enclosure. The method of claim 1, And the connector can be fitted into a USB port of the host device. The method of claim 1, And the first portion and the second portion when coupled together comprise a structure for fixing the first portion and the second portion. The method of claim 1, And the second portion is fully engaged with the first portion when joined together. The method of claim 1, And the second portion has portions away from the first portion when joined together. The method of claim 1, And the host device is one of a PC, a digital camera, a PDA and a cellular phone. A portable memory storage device capable of communicating with a host device via a cable having a first end connectable to the portable memory storage device and a second end connectable to the host device, comprising: The portable memory storage device includes a base, wherein the base accommodates a biometric device for receiving biometric data and a second end of the cable when the second end of the cable is not connected to the host device. A portable memory storage device comprising a docking enclosure for: The method of claim 19, And wherein the biometric device is placed in a position on the base where a portion of the cable adjacent to the second end of the cable covers at least a portion of the biometric device when the docking enclosure receives the second end of the cable. Portable memory storage device. A portable memory storage device operable with a host device, The portable memory storage device includes a base, a cover and a cable, The base is        A biometric device for receiving biometric data;        Nonvolatile memory in the base; And        It comprises a docking enclosure on the upper surface of the base, The cover is configured to include a connector engageable with a port of the host device to allow communication between the nonvolatile memory and the host device, the cover is engageable with the base when not in the port, A second portion covers the biometric scanner, and the docking enclosure at least partially surrounds the connector when the second portion is engaged with the first portion, And the cable connects the base and the cover, terminates in the connector, and enables communication between the nonvolatile memory and the host device. The method of claim 20, And when the received biometric data matches the reference pattern of the stored biometric data, access to the information stored in the nonvolatile memory is permitted. The method of claim 20, And when the received biometric data does not match the reference pattern of the stored biometric data, access to the information stored in the nonvolatile memory is blocked. The method of claim 20, And the connector is fitable within a USB port of the host device. The method of claim 20, And a structure for fixing the first portion and the second portion when the second portion is in the closed position. The method of claim 20, And the host device is one of a PC, a digital camera, a PDA and a cellular phone. A method of forming a portable memory storage device operable with a host device, (A) assembling a base including a non-volatile memory and a biometric scanning device having a portion adjacent the upper surface of the base; and (B) assembling a cover comprising a connector engageable within a port of the host device, wherein step (b) includes the cover of the biometric scanning device adjacent the upper surface in combination with the base. And covering the portion to cover the portion. The method of claim 26, (C) assembling the base to include a docking enclosure for receiving the connector when the cover is in engagement with the base. A method of using a portable memory storage device with a host device, The portable memory storage device includes a base having a biometric scanner and the portable memory storage device includes a cover having a connector. (A) connecting the connector to the host device to enable communication between the portable memory storage device and the host device; And (B) protecting the biometric scanner with the cover when the connector is not connected to the host device. The method of claim 28, And (b) covering the biometric scanner with the cover. The method of claim 28, And the step (b) comprises coupling the cover to the base. The method of claim 28, When the connector is not connected to the host device, further comprising the step of parking the connector in a docking enclosure on the base in step (b). How to. A method of using a portable memory storage device with a host device, (A) scanning biometric data with a biometric scanner in a first portion of the portable memory storage device; (B) connecting the portable memory storage device to the host with a connector in a second portion of the portable memory storage device; And (C) covering the biometric scanner with the second portion when the portable memory storage device is not connected to the host device. The method of claim 32, And parking said connector in a docking enclosure at said base in said step (c).

Images